Rapid Product Security Incident Response Using a Workflow Based Solution (32 pages)

Diane Mickelson, dmickel@us.

Rod Henderson, rodhende@us.

Please Note:

• IBM's statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM's sole discretion.

• Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.

• The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract.

• The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

• Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.


Agenda

• IBM PSIRT
• Tooling Design Challenge
• Workflow-Based PSIRT
• PSIRT Demo

IBM PSIRT

IBM PSIRT Roles

Main players

• PSIRT Operations – Oversees the PSIRT Tool and compliance

• Product Responder – Performs detailed analysis and creates the remediation plan

• Brand Lead – Monitors actions of the Brand team to ensure activity and progress

• Pillar Lead – Oversees vulnerability assessments performed by the Product Teams

• Scorer (IBM X-Force) – Determines the severity of the vulnerability and provides both the Common Vulnerability Scoring System (CVSS) details and the Common Vulnerabilities and Exposures (CVE) identifier

• Other Reviewers

PSIRT users' responsibilities:

• Collaborate with PSIRT and the Brand team
• Validate the vulnerability
• Multi-tiered review of the Remediation and Communication Plan (approach and timeline to address the issue)
• Adhere to the plan
• Prevent disclosure of sensitive information

IBM PSIRT organization (reconstructed from the org-chart slide)

Hierarchy: PSIRT sits above the Brands (Brand 1 … Brand n); each Brand contains Pillars (Pillar 1 … Pillar n); each Pillar contains Products (Product 1 … Product n).

Roles shown on the chart:
• PSIRT Operations
• Brand Lead
• Pillar Lead
• Scorers
• Other Reviewers
• Security Bulletin Reviewer
• Responder
• Remediation Plan Reviewer

Tooling Design Challenge

Simple scenario PSIRT process workflow (reconstructed from the flow diagram)

1. Intake – a vulnerability reaches PSIRT from one of four sources:
   • Open Source or 3rd-party reporter (received by PSIRT Operations)
   • Internally found or Customer (received by the Brand Lead, Pillar Lead or Responder)

2. Create Advisory and Create Product Record(s) (Responder or PSIRT Operations):
   • Advisory – represents a security vulnerability
   • Product Record – unique representation for a product/offering/component potentially affected

3. Event notification sent

4. Responder researches vulnerabilities and requests scoring; X-Force updates the advisory with CVE and CVSS details

5. Responder documents the Remediation and Communication Plan

6. Review Plan – Remediation Plan Reviewers: Remediation Plan Reviewer, PSIRT Leadership*, Other Reviewers*

7. Draft Security Bulletin and Develop Fix

8. Review Security Bulletin – Bulletin Reviewers: Security Bulletin Reviewer, PSIRT Operations, Other Reviewers*

9. Publish Fix and Bulletin

* Additional reviews may not be needed
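The workflow above is a set of role-gated state transitions with review gates before publication. The following is an added example, not code from IBM's PSIRT tool: a small Python workflow engine that models the advisory lifecycle from the slide. State and role names follow the slide; which role may perform which step, the rule that a plan author cannot approve their own plan, and the sample actors, product records and the `CVE-YYYY-NNNNN` placeholder are this example's assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum, auto
from typing import List, Optional


class State(Enum):
    """Advisory lifecycle states, derived from the workflow boxes on the slide."""
    OPENED = auto()            # Advisory created
    RECORDS_CREATED = auto()   # Product Record(s) attached
    NOTIFIED = auto()          # Event notification sent
    SCORED = auto()            # X-Force added CVE and CVSS details
    PLAN_DOCUMENTED = auto()   # Remediation and Communication Plan written
    PLAN_APPROVED = auto()     # Review Plan passed
    BULLETIN_DRAFTED = auto()  # Draft Security Bulletin
    BULLETIN_APPROVED = auto() # Review Security Bulletin passed
    PUBLISHED = auto()         # Publish Fix and Bulletin


# action -> (from_state, to_state, roles allowed to perform it).
# Role-to-step mapping is an assumption of this example, not the slide's.
TRANSITIONS = {
    "create_product_records": (State.OPENED, State.RECORDS_CREATED, {"Responder", "PSIRT Operations"}),
    "send_notification": (State.RECORDS_CREATED, State.NOTIFIED, {"PSIRT Operations"}),
    "score": (State.NOTIFIED, State.SCORED, {"Scorer"}),
    "document_plan": (State.SCORED, State.PLAN_DOCUMENTED, {"Responder"}),
    "approve_plan": (State.PLAN_DOCUMENTED, State.PLAN_APPROVED, {"Remediation Plan Reviewer"}),
    "draft_bulletin": (State.PLAN_APPROVED, State.BULLETIN_DRAFTED, {"Responder"}),
    "approve_bulletin": (State.BULLETIN_DRAFTED, State.BULLETIN_APPROVED,
                         {"Security Bulletin Reviewer", "PSIRT Operations"}),
    "publish": (State.BULLETIN_APPROVED, State.PUBLISHED, {"PSIRT Operations"}),
}


@dataclass
class Actor:
    user: str
    role: str


@dataclass
class Advisory:
    title: str
    state: State = State.OPENED
    product_records: List[str] = field(default_factory=list)
    cve: Optional[str] = None
    cvss: Optional[float] = None
    plan_author: Optional[str] = None
    fix_ready: bool = False
    audit: List[tuple] = field(default_factory=list)  # (action, user, role)


class WorkflowError(Exception):
    """Raised when a step is attempted out of order, by the wrong role, or without its inputs."""


def step(adv: Advisory, action: str, actor: Actor, **data) -> State:
    """Apply one workflow action, enforcing state order, role and step-specific gates."""
    if action not in TRANSITIONS:
        raise WorkflowError(f"unknown action {action}")
    src, dst, roles = TRANSITIONS[action]
    if adv.state is not src:
        raise WorkflowError(f"{action} not allowed in state {adv.state.name}")
    if actor.role not in roles:
        raise WorkflowError(f"role {actor.role} may not perform {action}")
    if action == "create_product_records":
        if not data.get("records"):
            raise WorkflowError("at least one product record is required")
        adv.product_records.extend(data["records"])
    elif action == "score":  # Scorer supplies CVE and CVSS details
        adv.cve, adv.cvss = data["cve"], float(data["cvss"])
    elif action == "document_plan":
        adv.plan_author = actor.user
    elif action == "approve_plan" and actor.user == adv.plan_author:
        raise WorkflowError("plan author cannot approve their own plan")  # separation of duties (assumption)
    elif action == "publish" and not adv.fix_ready:
        raise WorkflowError("fix must be developed before publishing")
    adv.state = dst
    adv.audit.append((action, actor.user, actor.role))
    return adv.state


def mark_fix_developed(adv: Advisory, actor: Actor) -> bool:
    """Develop Fix runs alongside the bulletin work, so it is a flag rather than a state."""
    if actor.role != "Responder":
        raise WorkflowError("only the Responder records fix completion")
    if adv.state.value < State.PLAN_APPROVED.value:
        raise WorkflowError("fix work is recorded only after the plan is approved")
    adv.fix_ready = True
    return adv.fix_ready


def run_demo() -> Advisory:
    """Happy path through the whole workflow with constructed actors and product records."""
    ops = Actor("alice", "PSIRT Operations")
    responder = Actor("bob", "Responder")
    scorer = Actor("carol", "Scorer")
    plan_reviewer = Actor("dave", "Remediation Plan Reviewer")
    bulletin_reviewer = Actor("erin", "Security Bulletin Reviewer")
    adv = Advisory("Constructed example advisory")
    step(adv, "create_product_records", responder, records=["Product 1 v1.0", "Product 2 v2.3"])
    step(adv, "send_notification", ops)
    step(adv, "score", scorer, cve="CVE-YYYY-NNNNN", cvss=7.5)  # placeholder identifier
    step(adv, "document_plan", responder)
    step(adv, "approve_plan", plan_reviewer)
    step(adv, "draft_bulletin", responder)
    mark_fix_developed(adv, responder)
    step(adv, "approve_bulletin", bulletin_reviewer)
    step(adv, "publish", ops)
    return adv


if __name__ == "__main__":
    finished = run_demo()
    print(finished.state.name, finished.cve, len(finished.audit), "audited steps")
```

The audit list gives the compliance view PSIRT Operations needs (who performed each step and in which role), and the gates make the "multi-tiered review" rule mechanical: a bulletin cannot be published until the plan was approved by someone other than its author and the fix is recorded as developed.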
